cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
327
Views
0
Helpful
4
Replies
Dilyan Dimov
Beginner

Looking for a replacement solution

Hello,

I'm working on a project where we have to replace one BlackDiamond 10808 switch and NetScreen ISG1000 firewall. As you can imagine these are pretty old devices although they are solid and still working. So, we decided to look into Cisco as an Enterprise soltuion. The requirements that should be met are:

 

- Gigabit interfaces and firewall throughput (scalable to 10 G - optional)

- BGP with independent AS

- HA with possible second pair of devices in another datacenter

 

I have experience with Cisco's ISR routers but I think that a better solution in this case will be some ASR router probably. Also, the switchports from the BD switch are not part of the current scope. I'm looking for the routing agregation and the firewalling at the moment.

Please for your advise and thanks in advance!

4 REPLIES 4
Reza Sharifi
Hall of Fame Expert

Hi,

The ASR series routers should work fine for what you need.  The only thing is that these are routers and not so firewalls.  So, you can configure them with firewall policies but not sure about the speed (10G) you need if this is a hard requirement.

Here is the data sheet for all models:

https://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/datasheet-c78-731632.html

HTH

 

Yes, that's fine. I was planning to use Cisco ASA as a firewall, behind the routers. Does that make sense?

Hi

Yes, ASR and ASA is a good combination, always check the kind or amount of traffic you will be passing through to have a proper model.

 

https://www.cisco.com/c/dam/assets/prod/routers/cisco-router-selector/index.html

https://www.cisco.com/c/en/us/products/security/product-listing.html

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Yes, it does.  The routers will face the outside (Internet) and the firewalls can be installed right behind the routers. I would use the Firewalls for NAT.

HTH